Since the General Data Protection Regulation (GDPR) came into force on the 25th of May 2018, SaaS suppliers and SaaS customers are legally obliged to include a written data processing agreement (DPA) in the terms of their SaaS agreements. The DPA usually forms a schedule to the SaaS agreement and must include the specific and detailed mandatory obligations set out in the GDPR. SaaS suppliers should use their own DPA and resist any attempt by a SaaS customer to have them sign up to the SaaS customer’s DPA for the following reasons.Continue reading
Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.Continue reading
There have recently been a number of high profile cases on liability for the sending of inappropriate tweets in the UK and the USA.
As tweeting becomes more and more the norm for many businesses it is important to consider the legal consequences of staff sending inappropriate tweets. Before allowing, permitting or encouraging staff to start tweeting on your behalf or with your brand you should consider creating a tweeting policy.Continue reading
If you are a SaaS supplier who often deals with customers located outside of the UK, you will have experienced customers insisting on their local law applying to your SaaS agreement. Many SaaS suppliers agree to this by simply removing “English law” from the SaaS agreement and replacing it with, for example, “German law” unaware of the consequences this will have upon their SaaS terms and conditions.Continue reading